Obidou Health Informatics will only use your personal information in order to...
· Verify your identity
· Open and manage your account
· Enrol you in a program or provide you with a service
· Meet regulatory requirements
2.1 We give you a Clinic ID#.
The only one who can connect your mental health information and your name is your care team, and only when you give them permission. You also get to choose who sees what. That's why we call field-level security.
2.2 Consent can only be provided in writing, electronically or through an authorized representative.
2.3 There are no cases of implied consent.
2.4 You can withhold or withdraw your consent at any time.
2.5 Refusing or withdrawing consent will not affect your care in any way.
3.1 We will only use or disclose your personal information as mentioned above and only when necessary to fulfill the purposes identified at the time of collection.
3.2 We may be required to disclose your personal information to third parties when...
The disclosure is required by law
In an emergency that threatens an individual's life, health, or personal security
In any situation where child protection would be warranted
We require legal advice from a lawyer
For the purposes of collecting a debt
To protect ourselves from fraud
To investigate an anticipated contravention of law
3.3 We will not use or disclose your personal information for any additional purpose unless we obtain consent to do so.
3.4 We will ask you for permission to use, store or disclose information in order to do research, improve the treatments we provide or improve the healthcare system.
3.5 We will not sell your de-identified information without your specific consent and a specific reasonable, mutually agreed upon, financial compensation.
Retaining Personal Information
4.1 If we use personal information to make a decision that directly affects you, we will retain that information for at least one year, so that you have a reasonable opportunity to request access to it.
4.2 Subject to policy 4.1, we will retain client, customer, patient personal information only as long as necessary to fulfill the identified purposes above.
5.1 We will make reasonable efforts to ensure your personal information is accurate and complete, where it may be used to make a decision about you or disclosed to another organization.
5.2 Patients may request correction to their personal information in order to ensure its accuracy and completeness. A request to correct personal information must be made in writing and in sufficient detail to identify the correction being sought.
5.3 If the personal information is demonstrated to be inaccurate or incomplete, we will correct the information as required and send the corrected information to any organization to which we disclosed the personal information. If the correction is not made, we will note the patients’ correction request in the file.
6.1 We are committed to ensuring the security of client, customer and patient personal information in order to protect it from unauthorized access, collection, use, disclosure, copying, modification or disposal or similar risks.
6.2 The following security measures will be followed to ensure that patient personal information is appropriately protected, including:
physically securing offices where personal information is held
the use of user IDs, passwords, encryption, firewalls; restricting employee access to personal information as appropriate (i.e., only those that need to know will have access);
contractually requiring any service providers or third parties who requires access, to provide confidentiality agreements or comparable security measures.
6.3 We will use appropriate security measures when destroying patient’s personal information such as shredding documents and permanently deleting electronically stored information.
6.4 We will continually review and update our security policies and controls as technology changes to ensure ongoing personal information security.
7.1 Patients have a right to access their personal information, subject to limited exceptions, such as, solicitor-client privilege, disclosure would reveal personal information about another individual, health and safety concerns.
7.2 A request to access personal information must be made in writing and provide sufficient detail to identify the personal information being sought.
7.3 Upon request, we will also tell patients how we use their personal information and to whom it has been disclosed if applicable.
7.4 We will make the requested information available within 30 business days, or provide written notice of an extension where additional time is required to fulfill the request.
7.5 A fee may be charged for providing access to personal information. Where a fee may apply, we will inform the patient of the cost and request further direction from the patient on whether or not we should proceed with the request.
7.6 If a request is refused in full or in part, we will notify the patient in writing, providing the reasons for refusal and the recourse available to the client, customer, member.
Questions and Complaints
8.1 The Privacy Officer or designated individual is responsible for ensuring Obidou Health Informatics’ compliance with this policy and the Personal Information Protection Act.
8.2 Clients, customers, patients should direct any complaints, concerns or questions regarding Obidou Health Informatics’ compliance in writing to the Privacy Officer. If the Privacy Officer is unable to resolve the concern, the client, customer, patient may also write to the Information and Privacy Commissioner of British Columbia.
Obidou Health Informatics’ Privacy Officer
Ms. Astrid Sherman